Identity Awareness - Browser-Based Authentication - Radius - Identity Sharing

Duane_Monroe1 — Sat, 08 Jun 2019 16:20:16 GMT

I have 2 security appliances running Identity Awareness using Browser-Based Authentication with Radius. The Portal runs on Appliance A. Appliance B has the Portal Network Location set to Appliance A.

A Identity Rule is installed on Appliance A & B that should allow this traffic if Appliance B is aware of my identity.

If I am on a network behind Appliance A and authenticate with the Portal, Appliance B will not let me through the Firewall based on my Identity. Appliance A will allow traffic though its firewall based on my Identity.

I do have "Get Identities from other gateways" enabled on Appliance B and defined as Appliance A. From what I understand, Identity Sharing only works with AD Query. I am using Radius.

I do not want users to be required to authenticate with multiple portals. Providing access based on identity rather than location on the network is a requirement of implementation.

I am not interested in authentication based on AD credentials. I know AD would work but we don't trust AD credentials.

Is this possible?

Re: Identity Awareness - Browser-Based Authentication - Radius - Identity Sharing

PhoneBoy — Sat, 08 Jun 2019 23:11:01 GMT

Identity Sharing should work regardless of how the identities are acquired.
If you're not using Active Directory, where are the groups coming from in this case?

topic Re: Identity Awareness - Browser-Based Authentication - Radius - Identity Sharing in Firewall and Security Management

Identity Awareness - Browser-Based Authentication - Radius - Identity Sharing

Re: Identity Awareness - Browser-Based Authentication - Radius - Identity Sharing